Splunk:如何启用Splunk SSO

问题描述 投票:0回答:2

我有splunk,并尝试启用splunk SSO,而不是常规身份验证。我有如下配置:

在/opt/splunk/etc/system/local/server.conf中

[general]
trustedIP = 192.168.1.208
serverName = Splunk_Core_02
pass4SymmKey = $7$RRvdYDdIlj4P2geQdtHluTRb7OfvZhTFTZGJ7z5JiZAkJ6Q1at6j0Q==
sessionTimeout = 30s

[sslConfig]
sslPassword = $7$m6pB5a0PWFg64VlNZGgunhGElO3qLiAc6NrhfLO+tpX2jR7WC7qm1Q==

[lmpool:auto_generated_pool_download-trial]
description = auto_generated_pool_download-trial
quota = MAX
slaves = *
stack_id = download-trial

[lmpool:auto_generated_pool_forwarder]
description = auto_generated_pool_forwarder
quota = MAX
slaves = *
stack_id = forwarder

[lmpool:auto_generated_pool_free]
description = auto_generated_pool_free
quota = MAX
slaves = *
stack_id = free

[license]
active_group = Enterprise

[diskUsage]
minFreeSpace = 1024

[lmpool:test_splunk]
quota = MAX
slaves = *
stack_id = enterprise

在/opt/splunk/etc/system/local/web.conf

[settings]
#SSO
SSOMode = permissive
trustedIP = 192.168.1.208,192.168.2.15,127.0.0.1
remoteUser = REMOTE-USER
#tools.proxy.on = False

root_endpoint = /splunk

#SSL
enableSplunkWebSSL = 0

httpport = 8000

mgmtHostPort = 127.0.0.1:8089

appServerPorts = 8065

splunkdConnectionTimeout = 30

enableSplunkWebClientNetloc = False

# SSL certificate files.
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem
serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem

...

我看到http://192.168.1.208:8000/debug/sso页面,我看到未启用SSO。我的配置出了什么问题?

splunk
2个回答
1
投票

https://docs.splunk.com/Documentation/Splunk/8.0.3/Security/ConfigureSplunkSSO

进行这些更改后您是否重新启动了splunk?

在/opt/splunk/etc/system/local/web.conf中,remoteUser = REMOTE-USER更像是REMOTE_USER

0
投票

server.conf中有多个文档说,可信IP是127.0.0.1。但是他们都没有提到只有127.0.0.1有资格启用/激活SSO。因此,请勿配置其他IP地址,而不要配置127.0.0.1

并且在server.conf(/opt/splunk/etc/system/local/)中,您可以only配置one受信任IP,它是127.0.0.1

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.